Automatic user provisioning

Similar Messages

• Posixaccount and posixgroup user provisioning in sun LDAP through sunIDM 7

  Hi folk
  I am trying to do userprovisioning in LDAP for posixaccount and posixgroup.
  From authorative datasource I am getting role,rolestatus,uidNumber,cn etc.
  Based on role user will be placed in posixgoup.
  Role to group mapping is
  one-to-many
  Anybady can tell me how can i do it.
  User provisioning is automatically so i have make some changes in workflow and writea rule for role to group mapping and i need to call that rule in workflow.
  But how i will make changes in workflow and what chnages are required for posixaccount and posixgroup prov.
  please help if anybody has done or give me some idea how can i do it.
  Thanks

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti

• Multiple user provisioning

  Hi All,
  I created a Dummy resourse and created a access policy for the resource.For new users created the resource automatically gets provisioned however for the old users already in OIM db,how would I provision this resource.
  Do I need to provision each user seperatly?

  O yes...I am able to achieve what I required.
  Now my question is
  1.what is this Retrofit and what was the logic behin running Set User Provisioned Date?
  Edited by: abcd on Mar 11, 2010 4:21 AM

• SAP User Provisioning

  Hi Guys,
  What are the different options available for SAP User provisioning?
  Thanks
  Harry

  Hi Harry,
  In SAP GRC Access Enforcer5.2 two type of provisioning is available Direct and Indirect.
  1-You should only select InDirect if your SAP environment includes the SAP HR module, and you want to use SAP HR to perform provisioning. Otherwise, you should select Direct.
  If you select InDirect, you must then select the type of HR object Virsa Access Enforcer needs to transmit to the HR module. There are three possible object types: Position, Orgtype, and Job.
  2-You can perform Provisioning in two ways:-
     i)Automatically :- for this way you can set provisioning  type to Auto provision at the end of request or Auto provision at the end of each path 
     ii)Manually :- for this way you can set  provisioning  type to No autoprovision .
  For the provisioning configuration settings Go to Configuration tab>Workflow>Auto provisioning.
  3-You can also configure your user provisioning BY SYSTEM as well.
  For reference you can download configuration guide of Access enforcer 5.2 from SAP Market place
  https://websmp101.sap-ag.de/~form/sapnet?SHORTKEY=01100035870000691285_
  Regards,
  Jagat

• User provisioning problem from OIM 10g to Siebel CRM

  Hi Team,
  I am facing User provisioning problem from OIM 10g to Siebel CRM.Please find the log details.
  Running Get Attribute Mapping
  Running Siebel Create User
  <com.siebel.common.common.CSSException>
  <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
  </com.siebel.common.common.CSSException>
          at com.siebel.om.conmgr.Connection.readPacket(Connection.java:550)
          at com.siebel.om.conmgr.Connection.run(Connection.java:286)
          at java.lang.Thread.run(Thread.java:619)
  [CMGR FATAL] Error: <com.siebel.common.common.CSSException>
  <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
  </com.siebel.common.common.CSSException> connection:1
  <com.siebel.common.common.CSSException>
  <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
  </com.siebel.common.common.CSSException>
          at com.siebel.om.conmgr.Connection.readPacket(Connection.java:550)
          at com.siebel.om.conmgr.Connection.run(Connection.java:286)
          at java.lang.Thread.run(Thread.java:619)
  [CMGR FATAL] Error: <com.siebel.common.common.CSSException>
  <Error><ErrorCode>8716601</ErrorCode> <ErrMsg>Socket had incorrect word size: 0.(SBL-JCA-00313)</ErrMsg></Error>
  </com.siebel.common.common.CSSException> connection:1ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],com.thortech.xl.integration.siebel.utils.SiebelConnection : createSiebelConnection() :  Siebel Connection Exception:Could not open a session in 4 attempts. {1}(SBL-JCA-00200)
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],com.thortech.xl.integration.siebel.proxy.SiebelProxyEmployeeProvisionManager : createSiebelConnection() : BaseException: Siebel Connection JDB Exception: Could not open a session in 4 attempts. {1}(SBL-JCA-00200)
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],com.thortech.xl.integration.siebel.provision.SiebelUtilEmployeeProvisionManager : createEmployee() : BaseException: Siebel Connection JDB Exception: Could not open a session in 4 attempts. {1}(SBL-JCA-00200)
  ERROR,22 Aug 2013 12:58:27,689,[XL_INTG.SIEBEL],====================================================
  Regards,
  Ravi.

  Hi
  I facing the same error message as yours, using OIM 11g R2
  Are you able solve it ?
  Please share
  Many Thanks !!!

• User Provisioning in OIM 11g to Oracle DB 11g R2

  Hi All,
  We have installed OIM 11.1.1.5. We have created User in OIM and wanted to provision it to database 11g R2. For this we have created a table in DB.
  We are not sure about the next steps or which connectors to use....
  Experts can u please guide me through steps or link or snapshots to achieve the above scenario?
  Regards,
  Newbie

  Hi Kevin,
  Thanks , that was a complete document.
  However I achieved User Provisioning by creating GTC. This i found in below document-
  http://tooweaktogivein.com/2010/02/16/oim-provisioning-db/
  Now my query is how do i fetch the values entered in UDF by admin (User Form) to the Form which comes when we select Resource Object (probably process form as i don't see any option as Object form in 11.1.1.5).
  Currently- 1. Admin creates user
  2. Admin selects Resource Object (Created via GTC)
  3. Admin has to re-enter the values which we created in our table (To be stored in DB).
  Summary- how to populate the values entered in step 1 to step 3
  Thanks & Regards,
  Newbie

• IOP 11.1.2.0 integration with Shared Services (User Provisioning)

  In the IOP 11.1.2.0 install guide, the Admin and Admin provisioning roles are provisioned through Shared Services.
  "Provision Integrated Operational Planning Administrator and Integrated Operational Planning
  Provisioning Manager roles for the Integrated Operational Planning instance to the Admin user through
  Oracle's Hyperion® Shared Services Console
  a. Connect to the Oracle's Hyperion® Shared Services Console; for example, http://
  hss_server:hssserver_port/interop.
  b. Log in as the administrator.
  c. Expand User Directories and Native Directory.
  d. Select Users and click Search.
  e. Right-click the Admin user and select Provision.
  f. Expand Default Application Group.
  g. Expand the Integrated Operational Planning instance created.
  h. Highlight IOP Administrator and Provisioning Manager.
  i. Click the right arrow in the middle of the two windows to select the roles.
  j. Click Save, and then click OK."
  The users and groups are defined in Shared Services, per the IOP 11.1.2.0 admin guide (p. 144).
  Is there an IOP user provisioning example in the shared services user's guide, and which version of the guide would I find that in?
  Access priveledges are controlled from the Admin workbench for IOP users, per p.145 of the IOP 11.1.2.00 user's guide.
  Thank you.

  IOP Roles are listed in the 11.1.2 Shared Services User and Role Security Guide, on page 158:
  Integrated Operational Planning Roles
  Table 39 Integrated Operational Planning Roles
  Roles Tasks per Role
  Provisioning Manager Provisions users and groups with Disclosure Management roles
  IOP Administrator Administers Oracle Integrated Operational Planning, Fusion Edition. IOP Administrators can modify models, access
  ACL pages, and perform all Integrated Operational Planning tasks
  IOP User P erforms Oracle Integrated Operational Planning, Fusion Edition actions as a normal user

• Some features not available to Automatic User

  We have 2 new macs running Leopard and are having the same issue with both. As the default automatic user, some features are not available. For example, the eye icon for QuickLook does not appear in any of the windows, such as the Finder. In Mail, the stationary button does not appear. If I create a second user (I also gave it admin privileges), both these features show up just fine. Has anyone else noticed this or is there a fix?
  Thanks,
  Joan

  Did you upgrade from Tiger? If so, the default user is not really a member of group 'Staff', so Finder doesn't get the default Tool Bar. Just CtlClick on the Finder bar and select "Customize Toolbar", then add the QuickLook icon.

• SCCM 2012 - Automatic User Device affinity - Not Working

  Hi,
  I need to enable the Automatic User Device affinity.
  Have enabled following two group policy settings:
  Audit account logon events
  Audit logon events
  In client settings User and Device Affinity
  following is enabled:
  User device affinity threshold (120 minutes)
  User device affinity threshold (2 days)
  Automatically configure user device affinity from usage data – True
  However even after 2 days there is no user device relationship getting build.
  Is there anything more required to be done?
  Any logs or links to be referred for troubleshooting?
  Regards,
  Milind Dhuri.

  Hi,
  Please post this in SCCM 2012 forum.
  tx.

• Automatic User device affinity, historical time stamp

  Hi all,
  I have a small questions. I've enabled Automatic User Device Affinity for all my works stations today. After a few hours I've see that nobody has primary device attached. If I go to an user at edit primary device I can see on what devices and how many
  times the user was logged,
  I've setup affinity for minutes 2880 min (48 hours) and 30 days, so who was logged more than 48 hours in last 30 days is made automatically device owner. How long I need to wait now. He can use historical data, no?
  Thanks. 

  No, I dont believe it will use historical data. After 48 hours from you enabling it, you should start seeing primary users, but only if the users have been logged in for 48 consecutive hours.
  Honestly I would not expect data for a good week.
  Daniel Ratliff | http://www.PotentEngineer.com
  I shrink the period 300 min with 14 days. Just to see some reports, after I will come back with longer times. Thanks.

• Automatic User Device Affinity doesn't work

  Hi, the automatic User Device Affinity doesn't work in my environment and I don't know why! The audit policies are enabled by GPO and User Device Affinity is correctly configured in SCCM. Below are some screenshots including de log of User Device Affinity.
  Anybody could help-me please?

  An old post but,
  This can happened when activating
  advanced audit policy in one of the GPO. once it was activated, it gets override the regular audit policy with different event id's that SCCM don't recognize. in addition, the machine tattooed with those settings so removing the GPO wont revert the settings.
  Check out this thread for more information and help:
  http://social.technet.microsoft.com/Forums/en-US/f3a4b675-e955-4cd2-bba6-d51ea06dd362/user-affinity-not-working-properly?forum=configmanagergeneral
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• User Provisioning Issue in Essbase 11.1.2.2

  Hi Experts,
  We have done migration from 11.1.1 to 11.1.2.2 version.Everything went fine but got problem with User provisioning.
  All our users provisioning are managed via Native Groups
  Eg: FIJI_READ,FIJI_WRITE are the Native Groups.
  What we have done is created the Native group provisioned the group with the roles and added the user to the group.
  The problem is the users assigned to these groups “lose” their permissions after sometime. They do still appear to be part of the group when we check in Shared Services, but when we run a MAXL command for a user, say VIBIN:
  DISPLAY USER PRIVILEGE VIBIN;
  It shows the user has having none. The user doesn’t see any cubes on logging in too. From what we’ve seen so far, we can trust the MAXL command output, but not what we see in Shared Services. The user VIBIN still shows as being part of the group FIJI_READ which is provisioned with READ role for the FIJI database. This is very inconsistent behavior.
  The only workaround so far is to directly provision users (i.e.  bypass provisioning via Groups):
  GRANT READ ON DATABASE FIJI.CONSOL TO VIBIN;
  This isn’t very manageable but the ONLY option that seems to be “sticky”. Have anyone gone through this issue  before? Any idea/advice?
  Regards,
  Naveen

  I  exported the Sec file from Security and when i see the content i cant see any groups which are created in Shared Services but only all the applications,databases  and some of the Administrators of the applications only i can see. But normal users who are added in Shared Services to the group i cant able to see.Is there any thing wrong in it.
  Regards,
  Naveen

• How to create automatically users&roles in CUA and in chlid systems?

  Hi,
  i have a CUA on a 2 chlid R/3 systems (test and training) and 2 portal systems (test and training).
  i need to create a web application to create automatically users test and users training in CUA and see them in the R/3 chlid systems and at the same time to create autmatically a roles in CUA and R/3 chlid systems for those users (we sppose that the role is already stored in a table).
  are there any standard BAPI or Funcion modules that can do this job?
  is the role created automatically in CUA can be seen automaticall in the portal child system?
  any help?
  Thanks&Best regards

  You can use one of the various ways Java EE provides you, e.g. container managed authentication.
  It's also all in the Java EE tutorial: [http://java.sun.com/javaee/5/docs/tutorial/doc/bncas.html].
  You can configure it in the application server as well: [http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html].
  Here is an example how to use it in JSF: [http://ocpsoft.com/java/acegi-spring-security-jsf-login-page/].

• How to create automatically users&roles in CUA and child systems

  Hi,
  i have a CUA on a 2 chlid R/3 systems (test and training) and 2 portal systems (test and training).
  i need to create a web application to create automatically users test and users training in CUA and see them in the R/3 chlid systems and at the same time to create autmatically a roles in CUA and R/3 chlid systems for those users (we sppose that the role is already stored in a table).
  are there any standard BAPI or Funcion modules that can do this job?
  is the role created automatically in CUA can be seen automaticall in the portal child system?
  any help?
  Thanks&Best regards

  Thank you all. I got the solution.
  Regards
  Rajesh

• While serching user provisioning in Shared Services it says................

  While serching users provisioning in Shared Services it says...............
  Operation cannot be completed.
  We are able to search users in the directories but ...not able to see their provisions!

  Are you trying to look at user provisioning Reports ?
  Please elaborate